Security board - Is this a worm?
g****n
Posts: 13
1
Hi there,
The root of my Linux box kept receiving an email recently.
From: Mail Delivery Subsystem
To: apache@myaddress
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
This is an email sent to a wrong address. But the content of this email is
amazing.
From: Apache
To: c********[email protected]
Subject: [MY IP Address]
In the content, it lists all the hardware information of my computer,
including CPU types, netcard types and
p******f
Posts: 162
2
Yes, it is a worm, which has invaded your box through a bug in the Apache SSL
module. You should be able to find some .vinik* files under /tmp, which
tell you what the worm could have done in your system. The worm might
have already gotten the privilege of your apache user, and tries to replace
some of your executables with its code, and also puts its copy in some
folders which are writable by apache users; it also tries to put an entry
in the crontab of apache users.

[Quoting g****n:]
: Hi there,
: The root of my Linux box kept receiving an email recently.
: From: Mail Delivery Subsystem
: To: apache@myaddress
: Subject: Returned mail: see transcript for details
: Auto-Submitted: auto-generated (failure)
: This is an email sent to a wrong address. But the content of this email is
: amazing.
: From: Apache
: To: c********[email protected]

d***c
Posts: 13
3
Just found my Mandrake 8.2 was messed up by this same worm today.
Check your /tmp; there were a whole bunch of hole, rooting, irc stuff
sitting on my machine. Check your system log files to see if they still
exist. Mine were all deleted. Check the history of the apache user. It was
the only thing by which I could trace out what the intruder did to the system.
The email seemed to be generated by a script named .cinik.??? under /tmp

[Quoting g****n:]
: Hi there,
: The root of my Linux box kept receiving an email recently.
: From: Mail Delivery Subsystem
: To: apache@myaddress
: Subject: Returned mail: see transcript for details
: Auto-Submitted: auto-generated (failure)
: This is an email sent to a wrong address. But the content of this email is
: amazing.
: From: Apache
: To: c********[email protected]
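
The checks suggested in the replies above (hidden files under /tmp, the apache user's crontab), written as a read-only triage script. This is an added example, not part of the original thread; the account name `apache` and the exported crontab file path are assumptions.

```shell
#!/bin/sh
# Added triage example (not from the thread). Read-only: it only lists findings.
# Assumptions: the web server account is "apache", and its crontab has been
# exported to a file first (as root): crontab -l -u apache > /root/apache.cron

# List hidden regular files directly under DIR that are owned by USER
# (the replies mention .vinik* / .cinik.??? files under /tmp).
hidden_files_owned_by() {
    dir=$1; user=$2
    find "$dir" -maxdepth 1 -type f -name '.*' -user "$user" 2>/dev/null | sort
}

# Print active (non-comment) lines of crontab FILE that reference a path in DIR.
cron_lines_using_dir() {
    file=$1; dir=$2
    grep -v '^[[:space:]]*#' "$file" | grep -F -- "$dir/" || true
}

# Report both checks; returns 1 if anything was found, 0 if clean.
triage() {
    dir=$1; user=$2; cronfile=$3; rc=0
    files=$(hidden_files_owned_by "$dir" "$user")
    if [ -n "$files" ]; then
        echo "hidden files owned by $user in $dir:"
        echo "$files"
        rc=1
    fi
    if [ -f "$cronfile" ]; then
        lines=$(cron_lines_using_dir "$cronfile" "$dir")
        if [ -n "$lines" ]; then
            echo "crontab entries for $user that reference $dir:"
            echo "$lines"
            rc=1
        fi
    fi
    return $rc
}

# Usage on a live host: sh triage.sh /tmp apache /root/apache.cron
if [ "$#" -eq 3 ]; then
    triage "$@"
fi
```

A clean result from this script does not clear the host: as the third post notes, system logs may already have been deleted, so findings should be preserved before any cleanup.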
